[Steviep]

Hi thats me done both and all seems well with my PC, thank you

Edited by Steviep, 09 April 2014 - 02:52 PM.

[Advertisements]

Hi, just came back to use my PC and I have this showing from my anti virus?

Attached Thumbnails

• 

[Steviep]

Hi, just came back to use my PC and I have this showing from my anti virus?

Attached Thumbnails

• 

[Phel]

Follow these instructions.

 

May I see fresh Malwarebytes and ESET logs?

[Steviep]

Hi when I go to system tools the only thing in there is internet explorer(no add ons)  ?    Here are the logs from last night

 

 

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\Stevie\My Documents\Downloads\ccsetup409.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
 
User: Stevie
->Temp folder emptied: 115120511 bytes
->Temporary Internet Files folder emptied: 18765209 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 89232237 bytes
->Flash cache emptied: 21750 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 510577693 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 773861 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1637010276 bytes
 
Total Files Cleaned = 2,262.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04092014_214935

Files\Folders moved on Reboot...
C:\Documents and Settings\Stevie\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF11B8.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF62C.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF7E0.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DFA1A.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DFA38.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DFDB2.tmp not found!
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\XOHQ316V\like[2].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\XOHQ316V\page-2[2].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\WQ6SKSP9\8n77RrR4jg0[1].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\WQ6SKSP9\postmessageRelay[3].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\UTH5CR90\8n77RrR4jg0[1].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\T0SLRCVQ\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\T0SLRCVQ\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\T0SLRCVQ\nQhiC-wSiJx0pvEuJl8d8A[1].eot moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/04/2014
Scan Time: 21:45:10
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.09.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Stevie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276214
Time Elapsed: 11 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.FakeAlert.SA, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\2EOETFM3W2, Delete-on-Reboot, [3f0ebb6d2b50251128183a5da45ea759],
Trojan.FakeAlert.SA, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\D1T2EUR7FZ, Delete-on-Reboot, [6edf3eeaa4d7ad89cb0d36e26c97e51b],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

[Phel]

Okay, let's try it in another way:

 

• Run OTL.
• Under the Custom Scans/Fixes box at the bottom, paste in the following:

  :Commands
  [CLEARALLRESTOREPOINTS]
  [REBOOT]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.

[Steviep]

Hi I've done that :

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 04102014_220509
 

[Phel]

So, what's up with a problem?

[Steviep]

I dont know what you mean? I've had the pc on all day today and it seems to be working ok. Do you think that it is now fixed?

[Steviep]

Hi Phel,

 

I wonder if there is anything else I need to do now to my PC, it seems to be working fine now but I didnt know if you needed me to do anything else?

[Phel]

it seems to be working fine

 
It is what I want to hear from you. And since I don't see any signs of malware in your logs

Congratulations, your PC is clean now.

However, you need to follow some important steps to remove tools and prevent infection again.

Warning! Windows XP is not supported anymore.

On 8th April 2014 Microsoft stopped supporting Windows XP. From this moment Windows XP is counted as outdated and new security patches won't be released for this OS. It means that your computer is potentially vulnerable and won't be protected from the newest threats. So, I strongly recommend thinking about migration to newer version of Windows.

Supported Operating Systems by Microsoft for home use are:

• Windows Vista (only with Service Pack 2)
• Windows 7
• Windows 8/8.1

Step 1. Uninstalling Programs.

• Open Start menu.
• Click on Control Panel.
• Click on Programs and Features. New window should appear.
• Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

• ESET Online Scanner
• Malwarebytes Anti-Malware

Step 2. Uninstall AdwCleaner.

• Run AdwCleaner on your Desktop.
• Click Uninstall button.
• AdwCleaner will be removed from your computer.

Step 3. CleanUp.

Run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  

  :Commands
  [EMPTYTEMP]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• After reboot run OTL again.
• Click on CleanUp button.
• OTL will be removed from your computer.

Here are some recommendations for you, how to stay safe in the internet.

• Keep your system up-to-date. It will increase your protection level, because sometimes malware can use system vulnerabilities.
  
  To learn more, how to turn Automatic Updates on, if you haven't turned it on before, click here.
   
• Keep another software up-to-date too. Malware can often use third party software vulnerabilities.
  
  You can monitor news about vulnerabilities or just simply install software, which will scan your computer for outdated and vulnerable software versions. If outdated version is found, this software will notify you about it and even install updates automatically.
  
  One of these programs is Secunia Personal Software Inspector. It requires installation, you can learn more about it here. This software also has online version - Secunia Online Software Inspector. It's Java applet, which requires Java Runtime Environment. You can learn more about it here.
  
  Another good program is FileHippo.com Update Checker. It requires installation and it scans your computer very rapidly. You can learn more about it here.
   
• Keep your antivirus software always up-to-date.
  
  Turn on automatic definition updates for your antivirus, if you haven't turned it on before, it's a basis of protection. Don't forget to keep your antivirus engine version up-to-date, new versions usually have advanced functionality. They can clean and prevent infections more effectively, than outdated versions.
   
• Use limited user account. It will considerably increase your level of protection.
  
  90% of Malware won't work under limited user account, because they need administrator priveleges. If you are using Windows XP, then you can use DropMyRights while you are surfing in the internet. If you are using Windows 7/Vista, then you'll need to create new User with limited rights.
   
• Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data in safety.
  
  Sometimes malware have very dangerous functionality - they can crack your passwords. Please, set very strong password for your administrator account in Windows, then malware won't harm your PC. Here you can find a nice tutorial, how to create strong passwords. For each account in the internet create individual password.

Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you!